{"id":"https://openalex.org/W4385679828","doi":"https://doi.org/10.1109/sp46215.2023.10179362","title":"BayBFed: Bayesian Backdoor Defense for Federated Learning","display_name":"BayBFed: Bayesian Backdoor Defense for Federated Learning","publication_year":2023,"publication_date":"2023-05-01","ids":{"openalex":"https://openalex.org/W4385679828","doi":"https://doi.org/10.1109/sp46215.2023.10179362"},"language":"en","primary_location":{"id":"doi:10.1109/sp46215.2023.10179362","is_oa":false,"landing_page_url":"https://doi.org/10.1109/sp46215.2023.10179362","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2023 IEEE Symposium on Security and Privacy (SP)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5101702721","display_name":"Kavita Kumari","orcid":"https://orcid.org/0000-0002-2898-7850"},"institutions":[{"id":"https://openalex.org/I31512782","display_name":"Technical University of Darmstadt","ror":"https://ror.org/05n911h24","country_code":"DE","type":"education","lineage":["https://openalex.org/I31512782"]},{"id":"https://openalex.org/I45438204","display_name":"The University of Texas at San Antonio","ror":"https://ror.org/01kd65564","country_code":"US","type":"education","lineage":["https://openalex.org/I45438204"]}],"countries":["DE","US"],"is_corresponding":true,"raw_author_name":"Kavita Kumari","raw_affiliation_strings":["Technical University of Darmstadt","The University of Texas at San Antonio"],"affiliations":[{"raw_affiliation_string":"Technical University of Darmstadt","institution_ids":["https://openalex.org/I31512782"]},{"raw_affiliation_string":"The University of Texas at San Antonio","institution_ids":["https://openalex.org/I45438204"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5051694999","display_name":"Phillip Rieger","orcid":"https://orcid.org/0000-0001-6216-7285"},"institutions":[{"id":"https://openalex.org/I31512782","display_name":"Technical University of Darmstadt","ror":"https://ror.org/05n911h24","country_code":"DE","type":"education","lineage":["https://openalex.org/I31512782"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Phillip Rieger","raw_affiliation_strings":["Technical University of Darmstadt"],"affiliations":[{"raw_affiliation_string":"Technical University of Darmstadt","institution_ids":["https://openalex.org/I31512782"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5084600907","display_name":"Hossein Fereidooni","orcid":"https://orcid.org/0000-0002-3559-0296"},"institutions":[{"id":"https://openalex.org/I31512782","display_name":"Technical University of Darmstadt","ror":"https://ror.org/05n911h24","country_code":"DE","type":"education","lineage":["https://openalex.org/I31512782"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Hossein Fereidooni","raw_affiliation_strings":["Technical University of Darmstadt"],"affiliations":[{"raw_affiliation_string":"Technical University of Darmstadt","institution_ids":["https://openalex.org/I31512782"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5012114492","display_name":"Murtuza Jadliwala","orcid":"https://orcid.org/0000-0001-9316-1943"},"institutions":[{"id":"https://openalex.org/I45438204","display_name":"The University of Texas at San Antonio","ror":"https://ror.org/01kd65564","country_code":"US","type":"education","lineage":["https://openalex.org/I45438204"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Murtuza Jadliwala","raw_affiliation_strings":["The University of Texas at San Antonio"],"affiliations":[{"raw_affiliation_string":"The University of Texas at San Antonio","institution_ids":["https://openalex.org/I45438204"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5079497016","display_name":"Ahmad\u2010Reza Sadeghi","orcid":"https://orcid.org/0000-0001-6833-3598"},"institutions":[{"id":"https://openalex.org/I31512782","display_name":"Technical University of Darmstadt","ror":"https://ror.org/05n911h24","country_code":"DE","type":"education","lineage":["https://openalex.org/I31512782"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Ahmad-Reza Sadeghi","raw_affiliation_strings":["Technical University of Darmstadt"],"affiliations":[{"raw_affiliation_string":"Technical University of Darmstadt","institution_ids":["https://openalex.org/I31512782"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":5,"corresponding_author_ids":["https://openalex.org/A5101702721"],"corresponding_institution_ids":["https://openalex.org/I31512782","https://openalex.org/I45438204"],"apc_list":null,"apc_paid":null,"fwci":4.3498,"has_fulltext":false,"cited_by_count":25,"citation_normalized_percentile":{"value":0.95476562,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":94,"max":100},"biblio":{"volume":null,"issue":null,"first_page":"737","last_page":"754"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10764","display_name":"Privacy-Preserving Technologies in Data","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10764","display_name":"Privacy-Preserving Technologies in Data","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.9962000250816345,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11598","display_name":"Internet Traffic Analysis and Secure E-voting","score":0.9919999837875366,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/backdoor","display_name":"Backdoor","score":0.9255050420761108},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7887412309646606},{"id":"https://openalex.org/keywords/probabilistic-logic","display_name":"Probabilistic logic","score":0.6762149333953857},{"id":"https://openalex.org/keywords/machine-learning","display_name":"Machine learning","score":0.4947013556957245},{"id":"https://openalex.org/keywords/leverage","display_name":"Leverage (statistics)","score":0.4826931953430176},{"id":"https://openalex.org/keywords/adversary","display_name":"Adversary","score":0.4680566191673279},{"id":"https://openalex.org/keywords/statistical-model","display_name":"Statistical model","score":0.4315006732940674},{"id":"https://openalex.org/keywords/bayesian-network","display_name":"Bayesian network","score":0.4164230227470398},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.4051901400089264},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.3623949885368347},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.3053175210952759}],"concepts":[{"id":"https://openalex.org/C2781045450","wikidata":"https://www.wikidata.org/wiki/Q254569","display_name":"Backdoor","level":2,"score":0.9255050420761108},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7887412309646606},{"id":"https://openalex.org/C49937458","wikidata":"https://www.wikidata.org/wiki/Q2599292","display_name":"Probabilistic logic","level":2,"score":0.6762149333953857},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.4947013556957245},{"id":"https://openalex.org/C153083717","wikidata":"https://www.wikidata.org/wiki/Q6535263","display_name":"Leverage (statistics)","level":2,"score":0.4826931953430176},{"id":"https://openalex.org/C41065033","wikidata":"https://www.wikidata.org/wiki/Q2825412","display_name":"Adversary","level":2,"score":0.4680566191673279},{"id":"https://openalex.org/C114289077","wikidata":"https://www.wikidata.org/wiki/Q3284399","display_name":"Statistical model","level":2,"score":0.4315006732940674},{"id":"https://openalex.org/C33724603","wikidata":"https://www.wikidata.org/wiki/Q812540","display_name":"Bayesian network","level":2,"score":0.4164230227470398},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.4051901400089264},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.3623949885368347},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.3053175210952759}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1109/sp46215.2023.10179362","is_oa":false,"landing_page_url":"https://doi.org/10.1109/sp46215.2023.10179362","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2023 IEEE Symposium on Security and Privacy (SP)","raw_type":"proceedings-article"},{"id":"pmh:oai:tubiblio.ulb.tu-darmstadt.de:136834","is_oa":false,"landing_page_url":"https://www.computer.org/csdl/proceedings-article/sp/2023/933600b747/1Js0Ej4gSME","pdf_url":null,"source":{"id":"https://openalex.org/S4377196390","display_name":"TUbilio (Technical University of Darmstadt)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I31512782","host_organization_name":"Technische Universit\u00e4t Darmstadt","host_organization_lineage":["https://openalex.org/I31512782"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"","raw_type":"Konferenzver\u00f6ffentlichung"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":63,"referenced_works":["https://openalex.org/W152832198","https://openalex.org/W2072467104","https://openalex.org/W2150165932","https://openalex.org/W2198253679","https://openalex.org/W2559840118","https://openalex.org/W2752689052","https://openalex.org/W2766255512","https://openalex.org/W2767091268","https://openalex.org/W2784621220","https://openalex.org/W2788816110","https://openalex.org/W2810065831","https://openalex.org/W2888505697","https://openalex.org/W2897230576","https://openalex.org/W2904190483","https://openalex.org/W2945591580","https://openalex.org/W2964302399","https://openalex.org/W2972594657","https://openalex.org/W2981349114","https://openalex.org/W2982426954","https://openalex.org/W2990595670","https://openalex.org/W2995164118","https://openalex.org/W3003426262","https://openalex.org/W3021654819","https://openalex.org/W3030742901","https://openalex.org/W3048715803","https://openalex.org/W3090750097","https://openalex.org/W3095273258","https://openalex.org/W3100779497","https://openalex.org/W3106047871","https://openalex.org/W3113458348","https://openalex.org/W3127520698","https://openalex.org/W3138597937","https://openalex.org/W3178386862","https://openalex.org/W3204548896","https://openalex.org/W3209752568","https://openalex.org/W4213446860","https://openalex.org/W4221129260","https://openalex.org/W4226272105","https://openalex.org/W4292084264","https://openalex.org/W4318619660","https://openalex.org/W6606211877","https://openalex.org/W6631033597","https://openalex.org/W6681371073","https://openalex.org/W6681608319","https://openalex.org/W6684363390","https://openalex.org/W6728757088","https://openalex.org/W6743821447","https://openalex.org/W6745253412","https://openalex.org/W6747855403","https://openalex.org/W6748556508","https://openalex.org/W6748786018","https://openalex.org/W6752600739","https://openalex.org/W6757172675","https://openalex.org/W6763048141","https://openalex.org/W6768836789","https://openalex.org/W6770634426","https://openalex.org/W6771533808","https://openalex.org/W6773366154","https://openalex.org/W6780640148","https://openalex.org/W6784747331","https://openalex.org/W6787633081","https://openalex.org/W6799246147","https://openalex.org/W7056673059"],"related_works":["https://openalex.org/W4320031223","https://openalex.org/W3015678314","https://openalex.org/W4281902577","https://openalex.org/W4200629851","https://openalex.org/W3009072493","https://openalex.org/W4386185023","https://openalex.org/W4328053081","https://openalex.org/W4366850823","https://openalex.org/W3086120435","https://openalex.org/W2044710239"],"abstract_inverted_index":{"Federated":[0],"learning":[1,15],"(FL)":[2],"is":[3,26],"an":[4,230],"emerging":[5],"technology":[6],"that":[7,161,183,275],"allows":[8],"participants":[9],"to":[10,28,70,74,123,130,145,167,186,219,248],"jointly":[11],"train":[12],"a":[13,36,111,138,157,215,221],"machine":[14],"model":[16,53,73],"without":[17,286],"sharing":[18],"their":[19,91],"private":[20],"data":[21,99],"with":[22,68],"others.":[23],"However,":[24,80],"FL":[25,285],"vulnerable":[27],"poisoning":[29],"attacks":[30],"such":[31,96],"as":[32,81,97,241],"backdoor":[33,116],"attacks.":[34],"Consequently,":[35],"variety":[37],"of":[38,50,58,148,180,190,201,232,291],"defenses":[39],"have":[40,45],"recently":[41],"been":[42],"proposed,":[43],"which":[44,121,243],"primarily":[46],"utilized":[47],"intermediary":[48],"states":[49],"the":[51,59,71,102,142,153,178,187,202,225,233,288,292],"global":[52,72,293],"(i.e.,":[54,62],"logits)":[55],"or":[56,101],"distance":[57],"local":[60,203],"models":[61],"L":[63],"<inf":[64],"xmlns:mml=\"http://www.w3.org/1998/Math/MathML\"":[65],"xmlns:xlink=\"http://www.w3.org/1999/xlink\">2</inf>":[66],"\u2212norm)":[67],"respect":[69],"detect":[75,131,169,249,279],"malicious":[76,132,173,253,282],"backdoors":[77],"in":[78,134,152,284],"FL.":[79],"these":[82],"approaches":[83,182],"directly":[84],"operate":[85],"on":[86,94,261],"client":[87,128,191,204],"updates":[88,129,133,144,283],"(or":[89],"weights),":[90],"effectiveness":[92],"depends":[93],"factors":[95],"clients\u2019":[98,143,226],"distribution":[100],"adversary\u2019s":[103],"attack":[104],"strategies.":[105,206],"In":[106],"this":[107,164,245],"paper,":[108],"we":[109],"introduce":[110],"novel":[112,158],"and":[113,155,170,228,250,271,273,280],"more":[114],"generic":[115],"defense":[117,259],"framework,":[118],"called":[119],"BayBFed,":[120],"proposes":[122],"utilize":[124],"probability":[125],"distributions":[126],"over":[127,141],"FL:":[135],"BayBFed":[136,207],"computes":[137],"probabilistic":[139,165,195,222,246],"measure":[140,166,196,223,247],"keep":[146],"track":[147],"any":[149],"adjustments":[150],"made":[151],"updates,":[154,227],"uses":[156],"detection":[159],"algorithm":[160],"can":[162,277],"leverage":[163],"efficiently":[168],"filter":[171,251],"out":[172,252],"updates.":[174,254],"Thus,":[175],"it":[176,276],"overcomes":[177],"shortcomings":[179],"previous":[181],"arise":[184],"due":[185],"direct":[188],"usage":[189],"updates;":[192],"nevertheless,":[193],"our":[194,258],"will":[197],"include":[198],"all":[199],"aspects":[200],"training":[205],"utilizes":[208],"two":[209],"Bayesian":[210],"NonParametric":[211],"(BNP)":[212],"extensions:":[213],"(i)":[214],"Hierarchical":[216],"Beta-Bernoulli":[217],"process":[218],"draw":[220],"given":[224],"(ii)":[229],"adaptation":[231],"Chinese":[234],"Restaurant":[235],"Process":[236],"(CRP),":[237],"referred":[238],"by":[239],"us":[240],"CRP-Jensen,":[242],"leverages":[244],"We":[255],"extensively":[256],"evaluate":[257],"approach":[260],"five":[262],"benchmark":[263],"datasets:":[264],"CIFAR10,":[265],"Reddit,":[266],"IoT":[267],"intrusion":[268],"detection,":[269],"MNIST,":[270],"FMNIST,":[272],"show":[274],"effectively":[278],"eliminate":[281],"deteriorating":[287],"benign":[289],"performance":[290],"model.":[294]},"counts_by_year":[{"year":2026,"cited_by_count":2},{"year":2025,"cited_by_count":13},{"year":2024,"cited_by_count":8},{"year":2023,"cited_by_count":2}],"updated_date":"2026-04-02T15:55:50.835912","created_date":"2025-10-10T00:00:00"}